Blogs

SOBRE ESTE BLOG

Blog entries are related to the mainframe operating system z/VSE. Ingolf will share news, hints & tips or any topic. The postings on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.
Contact: salm@de.ibm.com

Important info on APAR PM80542/UK91650

With APAR PM80542/UK91650, which was included in z/VSE 5.1.2 Upgrade, the transaction security phase DTSECTXN was delivered by error. This phase will get active in the system replacing transaction security settings for IBM provided transactions in case the new security concept based on BSTCNTL definition is used. If not yet migrated to the new concept it will even replace all customer defined transaction security settings.

In case the new concept is used (you can find out using IUI dialog 285, you will not get migration offered) delete DTSECTXN.PHASE from IJSYSRS.SYSLIB.

If the old concept is used, there should be the original phase stored in PRD2.SAVE, the new (IBM transactions only) phase in IJSYSRS.SYSLIB. It is recommended to merge the new IBM definition into existing setup as follows:

In dialog 285 specify do not migrate, use PF5 merge key and process key after verifying your transactions are included. This will replace the wrongly delivered DTSECTXN phase.

Error symptoms:

If on new concept, IBM provided transactions will run with default authorization, that means if for example CEMT transaction was moved out of GROUP01, after above PTF CEMT is authorized for GROUP01 again.

If on old concept, IBM provided transactions will be authorized for standard setup, but transactions for user applications are not authorized anymore.